The present invention relates in general to data communications and, more particularly, to cryptographic processing systems such as, for example, systems for processing Internet Protocol Security (IPSec) packets to achieve high-speed security for the transmission of IP packets.
Security protocols are used widely in modern communications to provide secure transfer of information such as, for example, communication over the Internet. One such security protocol is the standard IPSec internet protocol security specified in “Request for Comments” (RFC) 2401, “Security Architecture for the Internet Protocol”, which is hereby incorporated by reference.
IPSec is a method of protecting IP packets. IPSec can be used to protect one or more “paths” or tunnels between a pair of hosts, between a pair of security gateways (e.g., routers or firewalls implementing IPSec), or between a security gateway and a host. For example, a single encrypted tunnel can be created to carry all the traffic between two security gateways as in a secure virtual private network (VPN).
IPSec includes anti-replay protection, which detects the arrival of duplicate IP packets within a constrained window. In replay attacks, applications get bombarded with replay packets. IPSec overcomes this by detecting packets replayed by rogue hosts.
IPSec packets are protected against replay attacks by using a sequence number and a sliding receive window. The receive window can be any size greater than 32 packets. Each IPSec header for a packet contains a unique and monotonically increasing sequence number. A so-called security association is a construct that associates security services and a key with the packet traffic to be protected. When a security association is created, the sequence number is initialized to zero and prior to IPSec output processing, the value is incremented.
A received packet must be new and must fall either inside the receive window or have a sequence number greater than that of any prior received packet, otherwise the packet is dropped. A packet that is received late (i.e., having a sequence number less than the receive window) will be dropped.
Existing cryptographic processing systems typically perform anti-replay checks using software in a host processor or firmware in a network processor. One problem with existing anti-replay implementations is that the processing requirements are such that high-speed packet communications are difficult to achieve. For example, IPSec anti-replay processing implemented in a typical software processing system may hinder the ability to achieve broadband communications such as, for example, OC24 or OC192 data rate communications in optical networks. Another problem is that implementing anti-replay functionality in firmware increases the integrated circuit layout space required when manufacturing an embedded security processor to provide the anti-replay code in the firmware.
Because of the amount of processing required to support replay protection, prior software or firmware-based systems typically limit the size of the receive window to 32 or 64 packets. However, as communication rates increase to optical network speeds, it is desirable to have an even larger receive window to avoid losing valid packets with lower sequence numbers that arrive out of order, due to differing Internet routes used in transmission, and later than packets with higher sequence numbers.
Hence, there is a need for a cryptographic processing system and method that implements anti-replay protection at increased speeds to accommodate ever increasing secure communication speeds. There is also a need for a system and method that permits the ready use of larger receive window (i.e., anti-replay mask) sizes and that reduces the amount of program code required in software or firmware to perform security data packet processing.